X
Tech
Home Tech Security

Microsoft to 'killbit' MSXML4

Less than six months after the discovery of zero-day attacks against Microsoft XML Core Services 4.0, Microsoft plans to "killbit" MSXML4 and completely remove the XML parser from its download center.
Written by Ryan Naraine, Contributor
Less than six months after the discovery of zero-day attacks against Microsoft XML Core Services 4.0, Microsoft plans to "killbit" MSXML4 and completely remove the XML parser from its download center.

The killbit, also known as a registry key update, applies to Internet Explorer only and is expected to happen in the October-December 2007 time frame, according to a notice posted to Redmond's XML team blog.

"We are announcing this in advance so that our customers get sufficient time to try their applications with MSXML6 and give us feedback on their experience," the group said.

Support for MSXML4 going forward will be restricted to high impact security issues only.

The decision comes on the heels of last November's malware attacks against a code execution vulnerability in the XMLHTTP ActiveX control within Microsoft XML Core Services. This flaw affected systems where MSXML4 was installed.

Microsoft released a security bulletin (MS06-071) with patches to address the vulnerability.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

windows-11-laptop

Microsoft is now showing ads in Windows 11's Start menu. Here's how to block them

Placeholder product image alt text

The best AI image generators to try right now